RFR (JAXP): 8028111 : XML readers share the same entity expansion counter

Alan Bateman Alan.Bateman at oracle.com
Thu Nov 14 10:51:07 UTC 2013

On 13/11/2013 22:08, huizhe wang wrote:
> :
> Each parser has its own copy of XMLSecurityManager that maintains the 
> values of the limits. The parser is reset before it starts to parse a 
> document. Resetting the values managed by XMLSecurityManager therefore 
> makes sure that the limits are per document.
> Daniel sent me a private email to question if the reset in 
> PropertyManager is safe. He was right. I traced that back to the 
> previous patch in that the StAX parsers actually were sharing the same 
> XMLSecurityManager, and also XMLSecurityPropertyManager. I've changed 
> the code so that they are cloned.
> webrev:
> http://cr.openjdk.java.net/~joehw/jdk8/8028111/webrev/
Sorry about that, having it called XMLSecurityManager when it's not a 
SecurityManager is always confusing. In that case, it looks okay to me.


More information about the core-libs-dev mailing list